Dylan is an advanced, object-oriented, dynamic language which supports the rapid development of programs. When needed, the programmer can later optimize [his or her] programs for more efficient execution by supplying type information to the compiler. Nearly all entities in Dylan (including functions, classes, and basic data types such as integers) are first class objects. Additionally Dylan supports multiple inheritance, polymorphism, multiple dispatch, keyword arguments, object introspection, and many other advanced features…

What did it all to me personally? Since it was quite a lot of work to get the place done and I also got some very bad personal news the other day I was very unconcentrated, exhausted and kinda depressed. I behaved like a real asshole on a mailing list in general the last days and especially to a person who didn’t deserve it at all. I am a slow person anyway, so I didn’t yet got into deep hands-on really. Andreas brought me to mind that I still have a bored Macintosh PPC 8500 at Fat Fenders to get some Dylan porn under OS 8. It’s fun to have the Berlin crowd around and it’s a good spirit for the start, since it was the first activity at the new spot.

This weekend also took me to a couple of important personal decisions: I urgendly need a break. The last few months were quite a lot of shifting and I didn’t had time to think on myself much. I decided not to travel to Easterhegg in Hamburg but to stay in Dresden. It’s a pity since I wanted to talk about the current state of WTH and Project P preparations and Tim also has holidays. But I just need to focus on myself for the next couple of weeks. I won’t really have any possibilities later. tizzy just sponsored a WRT54G and we like to play with it in the next days. And when Astro is back from his holiday around eastern we will start with Geekal. In the moment we decided to use Ruby, but who knows …

This funny little error in Apple Mail I recognized because of some spam I received. This doesn’t work with URIs, so I don’t really think it’s exploitable. The content-type of the mail needs to be text/html with an ISO charset. The crude part looks like this:

Bruce Schneier blogs about Hack-A-Bike. Hack-A-Bikes are the hacked Call-A-Bikes from the DB (Deutsche Bahn - German Rail). Schneier agrees with the bike hackers that the design of the system is clever.

On the CCC website appeared a very interesting article about HackABike, which covers the brief explanation of hacked DB bikes in Berlin (DB is the German railway company). My favorite is the excerpt from a DB technician interview in the Mobil Magazine:

…”this technology makes us to the premier station-independant city-bike-sytem. the code is unbreakable and we are really proud of”…

When will people learn that there is no such thing as “unbreakable code”?

After reading this little post from “Der Schockwellenreiter” regarding the topic if “you need the right operation system” to avoid the nested array sort() loop Stack overflow exception mentioned at several sources, it came back to my mind, that Safari has a much easier “DoS”: javascript:while(1){}. Well, even worse, Safari doesn’t crash, but halts and consumes as much as CPU as possible after a while. Other browsers have some kind of tests, but on one or later point our later every browser so far will enter an infinite loop and render useless or crash.

Prom pointed me to the so called halting problem (1936, from Mr. Alan Turing). Today I learned something about computability theory and I got to understand, that those kinds of bugs are never going to be solved really.

The good side of this hack from my personal point of view is, that the CCC got rid of TWiki, which I personally totally dislike. And since the attacker erased all of the wiki content, we’ll hopefully have a brand new MediaWiki installation in the near future (probably after the 21C3).

tizzy gave me a link to maxload.c, a “RPC Runtime Library Exploit”, which was supposed to compile and run from Linux. Ususally I have no need for those kinds of exploits, since I am not interessted in Windows at all, but I have been asked for a simple possibility to remotely shutdown XP, so I wanted to give that exploit a try. Unfortunatelly my Debian box has a hardware problem, so I handed the exploit over to my fellow c3d2 members in our silc channel.

astro was the first who was complaining about non-existance of some socket code, then a8 successfully compiled the source and got the following in /tmp/hi (formated for better reading)

r0b0 and a8 decided to make some similar funny “exploit” for the congress. It could be very funny to see, how many l33t haxx0rs would use it without recognizing what it’s going on. I like that idea. But anyways, a8 make a good point when he said it remembers him once again to be more careful.